id: url-extension-inspector info: name: URL Extension Inspector author: ayadim severity: unknown description: | This template assists you in discovering intriguing extensions within a list of URLs. reference: - https://github.com/CYS4srl/CYS4-SensitiveDiscoverer/ tags: file,urls,extension file: - extensions: - all extractors: - type: regex name: Hot finding regex: - "(?i)(htdocs|www|html|web|webapps|public|public_html|uploads|website|api|test|app|backup|bin|bak|old|release|sql)\\.(7z|bz2|gz|lz|rar|tar\\.gz|tar\\.bz2|xz|zip|z)" - type: regex name: Backup file regex: - "(?i)(\\.bak|\\.backup|\\.bkp|\\._bkp|\\.bk|\\.BAK)" - type: regex name: PHP Source regex: - "(?i)(\\.php)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)" - type: regex name: ASP Source regex: - "(?i)(\\.asp)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)" - type: regex name: Database file regex: - "(?i)\\.db|\\.sql" - type: regex name: Bash script regex: - "(?i)\\.sh|\\.bashrc|\\.zshrc" - type: regex name: 1Password password manager database file regex: - "(?i)\\.agilekeychain" - type: regex name: ASP configuration file regex: - "(?i)\\.asa" - type: regex name: Apple Keychain database file regex: - "(?i)\\.keychain" - type: regex name: Azure service configuration schema file regex: - "(?i)\\.cscfg" - type: regex name: Compressed archive file regex: - "(?i)(\\.zip|\\.gz|\\.tar|\\.rar|\\.tgz)" - type: regex name: Configuration file regex: - "(?i)(\\.ini|\\.config|\\.conf)" - type: regex name: Day One journal file regex: - "(?i)\\.dayone" - type: regex name: Document file regex: - "(?i)(\\.doc|\\.docx|\\.rtf)" - type: regex name: GnuCash database file regex: - "(?i)\\.gnucash" - type: regex name: Include file regex: - "(?i)\\.inc" - type: regex name: XML file regex: - "(?i)\\.xml" - type: regex name: Old file regex: - "(?i)\\.old" - type: regex name: Log file regex: - "(?i)\\.log" - type: regex name: Java file regex: - "(?i)\\.java" - type: regex name: SQL dump file regex: - "(?i)\\.sql" - type: regex name: Excel file regex: - "(?i)(\\.xls|\\.xlsx|\\.csv)" - type: regex name: Certificate file regex: - "(?i)(\\.cer|\\.crt|\\.p7b)" - type: regex name: Java key storte regex: - "(?i)\\.jks" - type: regex name: KDE Wallet Manager database file regex: - "(?i)\\.kwallet" - type: regex name: Little Snitch firewall configuration file regex: - "(?i)\\.xpl" - type: regex name: Microsoft BitLocker Trusted Platform Module password file regex: - "(?i)\\.tpm" - type: regex name: Microsoft BitLocker recovery key file regex: - "(?i)\\.bek" - type: regex name: Microsoft SQL database file regex: - "(?i)\\.mdf" - type: regex name: Microsoft SQL server compact database file regex: - "(?i)\\.sdf" - type: regex name: Network traffic capture file regex: - "(?i)\\.pcap" - type: regex name: OpenVPN client configuration file regex: - "(?i)\\.ovpn" - type: regex name: PDF file regex: - "(?i)\\.pdf" - type: regex name: PHP file regex: - "(?i)\\.pcap" - type: regex name: Password Safe database file regex: - "(?i)\\.psafe3" - type: regex name: Potential configuration file regex: - "(?i)\\.yml" - type: regex name: Potential cryptographic key bundle regex: - "(?i)(\\.pkcs12|\\.p12|\\.pfx|\\.asc|\\.pem)" - type: regex name: Potential private key regex: - "(?i)otr.private_key" - type: regex name: Presentation file regex: - "(?i)(\\.ppt|\\.pptx)" - type: regex name: Python file regex: - "(?i)\\.py" - type: regex name: Remote Desktop connection file regex: - "(?i)\\.rdp" - type: regex name: Ruby On Rails file regex: - "(?i)\\.rb" - type: regex name: SQLite database file regex: - "(?i)\\.sqlite|\\.sqlitedb" - type: regex name: SQLite3 database file regex: - "(?i)\\.sqlite3" - type: regex name: Sequel Pro MySQL database manager bookmark file regex: - "(?i)\\.plist" - type: regex name: Shell configuration file regex: - "(?i)(\\.exports|\\.functions|\\.extra)" - type: regex name: Temporary file regex: - "(?i)\\.tmp" - type: regex name: Terraform variable config file regex: - "(?i)\\.tfvars" - type: regex name: Text file regex: - "(?i)\\.txt" - type: regex name: Tunnelblick VPN configuration file regex: - "(?i)\\.tblk" - type: regex name: Windows BitLocker full volume encrypted data file regex: - "(?i)\\.fve"